<?php

/**
 * Плагин контролирует права доступа
 */
/**
 * @todo Проверить распределение прав доступа
 */
class Extends_Controller_Plugin_AclManager
        extends Zend_Controller_Plugin_Abstract {

    private $_defaultRole = 'guest';

    public function __construct(Zend_Auth $auth) {        
        $this->auth = $auth;
        $this->acl = new Zend_Acl();

        $this->acl->addRole(new Zend_Acl_Role($this->_defaultRole));
        $this->acl->addRole(new Zend_Acl_Role('patient'));
        $this->acl->addRole(new Zend_Acl_Role('doctor'));
        $this->acl->addRole(new Zend_Acl_Role('admin'), array(
            'patient',
            'doctor'
        ));

        $this->acl->add(new Zend_Acl_Resource('registration'));
        $this->acl->add(new Zend_Acl_Resource('authorization'));
        $this->acl->add(new Zend_Acl_Resource('patient'));
        $this->acl->add(new Zend_Acl_Resource('doctor'));
        $this->acl->add(new Zend_Acl_Resource('administration'));
        $this->acl->add(new Zend_Acl_Resource('default'));

        $this->acl->deny();
	$this->acl->allow(null, array(
	    'default',
	    'authorization',
	    'registration'
	));
        //Guest permission
        $this->acl->allow('guest', 'registration');
        $this->acl->allow('guest', 'authorization');
        $this->acl->allow('guest', 'default');

        //Patient permission
        $this->acl->allow('patient', 'patient');
        $this->acl->deny('patient', 'patient', null, new Extends_Acl_Assert_IsFirstLogin());
        $this->acl->allow('patient', 'authorization', 'logout');

        //Doctor permission
        $this->acl->allow('doctor', 'doctor');
        $this->acl->allow('doctor', 'authorization', 'logout');

        //Admin permission
        $this->acl->allow('admin', 'administration');
        $this->acl->allow('admin', 'authorization', 'logout');

        /* $this->acl->allow();
          $this->acl->deny(NULL, array(
          'patient'
          ));

          $this->acl->allow(NULL, array(
          'registration',
          'authorization'));
          $this->acl->allow('patient', array(
          'patient'
          ));
          $this->acl->deny('patient', 'patient', null, new Extends_Acl_Assert_IsFirstLogin());
          $this->acl->allow('patient', 'patient', 'profile', new Extends_Acl_Assert_IsFirstLogin()); */
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request) {
        if ($this->auth->hasIdentity()) {
            $member = $this->auth->getIdentity();
            $role = $member['Role'];
        }
        else {
            $role = $this->_defaultRole;
        }

        if (!$this->acl->hasRole($role)) {
            $role = $this->_defaultRole;
        }

        $resource = $request->getModuleName();

        $privilege = $request->getActionName();

        if (!$this->acl->has($resource)) {
            $resource = NULL;
        }

        if (!$this->acl->isAllowed($role, $resource, $privilege)) {
            if ($this->auth->hasIdentity()) {
                if ($role == 'patient' & $resource == 'patient') {
                    $assert = new Extends_Acl_Assert_IsFirstLogin();
                    $is_first_login = $assert->_IsFirstLogin();
                    if ($is_first_login) {
                        $request->setModuleName('registration');
                        $request->setControllerName('profile');
                        $request->setActionName('index');
                    }
                    else {
                        $request->setModuleName('patient');
                    }
                }
                else {
                    $request->setModuleName('authorization');
                    $request->setControllerName('index');
                    $request->setActionName('index');
                }
            }
            else {
                $request->setModuleName('authorization');
                $request->setControllerName('index');
                $request->setActionName('index');
            }
        }
    }

    public function postDispatch(Zend_Controller_Request_Abstract $request) {
        //parent::postDispatch($request);

        if (Zend_Auth::getInstance()->getIdentity() != NULL) {
            Zend_Registry::get('logger')->log(Zend_Auth::getInstance()->getIdentity(), Zend_Log::INFO);
        }
        else {
            Zend_Registry::get('logger')->log('Не зарегистрирован.', Zend_Log::INFO);
        }
    }

}
